Error 1620 : 2250 – PsExec Access is denied


  • #13498
    myrdin
    Participant

    Hi,

    We are running a licensed version of the product.
    On the same subnet (so no firewall in the middle), I can:
    – Get OS = returns value
    – Windows Updates – check for updates: on some servers it works (like 2 – 3), on some servers (like at least 15) it gets stuck a couple of seconds after it executes the batchpatchremoteagent.exe with error 1620 : 2250.

    – $admin is writable and accessible from the batchpatch server
    – /program files/batchpatch through c$ is accessible and writable
    – tried with or without our EDR
    – tried with or without windows firewall on or off
    – tried with domain admins account (which are local admins on the remote machine), as well as using the remote local admin account.
    – tried with UAC off
    – tried with the registry key allowlocaltokensomething
    – batchpatch is running as administrator
    – in an elevated command prompt, if you do psexec \\server -u administrator cmd.exe (local, remote or the supersecret microsoft superadmin password that unlocks all Microsoft Servers since Windows nt3.5), it doesn't work, it always drops access denied.

    The only real piece of info I have at the moment is that psexec is unable to create the psexecsvc and so unable to launch the batchpatchremoteagent.exe, but why it stops with 2250 (which is a network error), not sure. No logs in event viewer show any trace of this error.

    There is obviously something going on in our environment, prob a GPO of some sort.

    Wondering if you have a piece of wisdom to share.

    thanks

    #13499
    doug
    Moderator
    #13500
    myrdin
    Participant

    Hi,

    thanks.

    – We tried with no EDR/AV installed
    – We tried with Windows Firewall completely off.

    I think it is some sort of policy or some weird rights settings configured deep inside Windows, just checking if someone might have any idea.

    thanks anyway

    #13501
    doug
    Moderator

    Which OS is installed/running on the BatchPatch host and which OS is running on the target? Please be as specific as possible with version numbers, build numbers, service packs etc. You can actually see this info using BatchPatch under ‘Actions > Get Info > Get OS Version’

    Which version of PsExec are you using?

    Is ‘Tools > Settings > Use PsExec -r switch’ in BatchPatch enabled?

    Thanks

    #13502
    myrdin
    Participant

    Hi,

    batchpatch: Microsoft Windows Server 2019 Standard 10.0.17763 (SP0) [x64-based PC]

    target: Microsoft Windows Server 2016 Standard 10.0.14393 (SP0) [x64-based PC]
    or Microsoft Windows Server 2019 Standard 10.0.17763 (SP0) [x64-based PC]

    Psexec 2.4 (also tried psexec64, with same result).

    -r switch is enabled.

    thanks

    #13506
    doug
    Moderator

    I’m sorry to say that I’m not sure what could be causing this in your environment. Generally speaking this is something we would really only expect to see if an AV or HIPS or similar security or endpoint protection software was involved and was severing the connection in the middle of processing. If you haven’t already done so, I would suggest trying to run BP from a different source computer, just to ensure that there isn’t something weird going on with the particular BP computer. However, you said that things work for a few targets, so it could conceivably also be some weird issue on the problematic targets and not an issue with the BP machine. Unfortunately it’s very tough to guess at what else it might be.
